Walker Aumann has said > > I ran over something last week while playing around with our Suns (4.1.3), > and thought I'd pass it on to you while it makes its way through Sun. > > ruserok() denies access if /etc/hosts.equiv contains a line with only a '+'. > This seems like a Good Thing to me, even though it's not expected behaviour, > but it makes me wonder about rlogin, rcp, and rsh, since they still seem to > work correctly (i.e., they let anyone who wants to walk all over your machine). > > Walker Define what you meant by ``ruserok denies access'' -- As far as I can tell, ruserok() function, which is defined in rcmd.o module of libc returns a ``0'' if the machine name is listed in the ``hosts.equiv'' file or the host and remote user name are found in the ``.rhosts'' file; Otherwise it just returns a ``-1'', so having a ``+'' in /etc/hosts.equiv means that ruserok in fact does NOT deny access. Actually, you might want to modify rcmd.o to *always* deny, because aside of that it's being broken (doesn't check permission of .rhosts or, /etc/hosts.equiv) it's also vulnerable to source routing, or any kind of DNS games -- after all it uses gethostbyaddr(3N) to determine whether or not you're coming from a *trusted* site. --- Jonathan jsz@netsys.com